Existence of private projects indicated by error message from unauthenticated access to `/issues/new`
Summary
The authentication banner displays the message "Please sign in to create the new issue" when a private projects new issues URI is accessed in an unauthenticated manner.
Impact
Impact on it's own is minor, however, when combined with an vulnerability such as !45689, it could be used for targeted private project contents disclosure.
Steps to reproduce
Directly access a private projects /issues/new
URL from a new private browsing window: https://gitlab.com/asaba/dotfiles/issues/new
Example Project
Any private project.
What is the current bug behavior?
The blue "Please sign in to create the new issue" is shown, indicating the existence of a private project.
What is the expected correct behavior?
The generic red "You must log in to continue" banner should be shown to the user for any attempted unauthenticated access.
Relevant logs and/or screenshots
Edited by Antony Saba